The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Secure Storage feature allows you to secure critical configuration information by encrypting it. It encrypts asymmetric key-pairs, pre-shared secrets, the type 6 password encryption key and certain credentials. An instance-unique encryption key is stored in the hardware trust anchor to prevent it from being compromised.
By default, this feature is disabled.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
configure terminal Example: |
Enters the global configuration mode. |
|
Step 2 |
service private-config-encryption Example: |
Enables the Secure Storage feature on your device. |
|
Step 3 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 4 |
write memory Example: |
Encrypts the private-config file and saves the file in an encrypted format. |
To disable Secure Storage feature on a device, perform this task:
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
configure terminal Example: |
Enters the global configuration mode. |
|
Step 2 |
no service private-config-encryption Example: |
Disables the Secure Storage feature on your device. When secure storage is disabled, all the user data is stored in plain text in the NVRAM. |
|
Step 3 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 4 |
write memory Example: |
Decrypts the private-config file and saves the file in plane format. |
Use the show parser encrypt file status command to verify the status of encryption. The following command output indicates that the feature is available but the file is not encrypted. The file is in ‘plain text’ format.
Device#show parser encrypt file status
Feature: Enabled
File Format: Plain Text
Encryption Version: Ver1
This table provides release and related information for features explained in this module.
These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise.
|
Release |
Feature |
Feature Information |
|---|---|---|
|
Cisco IOS XE Fuji 16.9.2 |
Secure Storage |
Secure Storage feature allows you to secure critical configuration information by encrypting it. It encrypts asymmetric key-pairs, pre-shared secrets, the type 6 password encryption key and certain credentials. An instance-unique encryption key is stored in the hardware trust anchor to prevent it from being compromised. |
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.
Feedback